WiredWX Christian Hobby Weather Tools
Re: Possible Win32 infection/Personal Antivirus combo??
part 2

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143761723\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\1143761723\\ee\\aolsoftware.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/5/2005 10:21 PM 28800]
S2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-03 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-03 01:26]

2009-09-03 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-03 01:26]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-Dell Photo AIO Printer 922 - c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
ShellExecuteHooks-{03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - c:\program files\Trend Micro\Tmas\sshook.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {{CDAFD956-97BE-443D-8EF7-F4F094EB5766} - c:\program files\Crawler\SSaver\CSSaver.exe
Trusted Zone: rapmls.com
Trusted Zone: swmric.com
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://realist2.firstamres.com/mapviewer/mapviewer.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 17:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2892)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\dlbtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\AOL\1143761723\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-09-08 17:49 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-08 21:49

Pre-Run: 38,903,975,936 bytes free
Post-Run: 39,818,813,440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE

288 --- E O F --- 2009-08-27 14:33

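The firewall section at the top of this log part is the piece a helper reads first: the Windows Firewall standard profile (EnableFirewall), the Security Center monitoring flags, and the list of programs allowed through the firewall. The following is an added example, not part of the original thread or of ComboFix, that parses those registry lines the way they appear in a ComboFix log and reports the state; the sample input is a copy of the section posted above, trimmed to three authorized applications. One caveat a practitioner would add: a suite that ships its own firewall (McAfee Personal Firewall, MpfSrv.exe, is in the running-process list further down) normally switches the Windows Firewall off, so EnableFirewall=0 by itself is not evidence of infection. The authorized-applications list is still worth reading, because a backdoor that opens itself a hole does it in exactly this key.

```python
"""Parse the firewall-related registry dump in a ComboFix log.

Added example, not code from the thread or from ComboFix. The sample is a
trimmed copy of the registry section posted above.
"""
import re

# Constructed sample: the registry section of the posted log, cut to three
# entries in the AuthorizedApplications list.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

KEY_RE = re.compile(r'^\[(.+)\]$')          # [HKLM\...]
VALUE_RE = re.compile(r'^"(.*)"=\s*(.*)$')  # "name"=data  (data may be empty)


def parse_registry_dump(text):
    """Return {key_path: {value_name: data}} from ComboFix's .reg-like listing."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # .reg syntax doubles backslashes inside value names; undo that.
            name = m.group(1).replace('\\\\', '\\')
            keys[current][name] = m.group(2).strip()
    return keys


def dword(data):
    """Interpret 'dword:00000001' or ComboFix's '0 (0x0)' as an int, else None."""
    m = re.match(r'dword:([0-9a-fA-F]{8})$', data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r'(\d+)\s*\(0x[0-9a-fA-F]+\)$', data)
    if m:
        return int(m.group(1))
    return None


def assess(keys):
    """Summarise the firewall indicators found in the parsed dump."""
    report = {'firewall_enabled': None, 'monitoring_disabled': [], 'authorized_apps': []}
    for path, values in keys.items():
        p = path.lower()
        if p.endswith(r'firewallpolicy\standardprofile'):
            v = dword(values.get('EnableFirewall', ''))
            report['firewall_enabled'] = (v == 1) if v is not None else None
        elif p.endswith(r'firewallpolicy\standardprofile\authorizedapplications\list'):
            # Every value name in this key is a path allowed through the firewall.
            report['authorized_apps'] = sorted(values)
        elif r'security center\monitoring' in p and dword(values.get('DisableMonitoring', '')) == 1:
            # Security Center has been told not to monitor this product.
            report['monitoring_disabled'].append(path.rsplit('\\', 1)[-1])
    return report


if __name__ == '__main__':
    r = assess(parse_registry_dump(SAMPLE_LOG))
    print('Windows Firewall enabled:', r['firewall_enabled'])
    print('Security Center monitoring disabled for:', r['monitoring_disabled'])
    for app in r['authorized_apps']:
        print('  allowed through firewall:', app)
```

Run against the full section above, the same parser lists all 34 allowed programs; the file-sharing and messaging clients in that list are worth knowing about when a backdoor is suspected, even though none of them is malware by itself.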
Re: Possible Win32 infection/Personal Antivirus combo??
I had to do it in 2 parts... it was too big.
Hope this takes care of it...

Let me know how I did... Thank you so much!!!!!

Re: Possible Win32 infection/Personal Antivirus combo??
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Possible Win32 infection/Personal Antivirus combo??
You know, it's hard to say. It still has over 70 processes open when I look at the task bar, but the internet seemed to have improved a little.
I haven't been on that much, but it does seem to get stuck less already...
I will run this and get back to you.

Thank you so much!!!! You are the best!!!

Re: Possible Win32 infection/Personal Antivirus combo??
Ok, not good. I went to do this and the ComboFix program was gone!!!
The super annoying AOL detected something earlier called Backdoor..something.. and suggested I block it, so I did...

Went to download ComboFix again from your link and look at what happened:

McAfee has automatically blocked and removed a Trojan.

About this Trojan
Detected: Artemis!7E991BABFAC8 (Trojan), Artemis!7E991BABFAC8 (Trojan)
Location: C:\Documents and Settings\Jessy Ulloa\Local Settings\Temporary Internet Files\Content.IE5\GI7T2KDG\ComboFix[1].exe

Trojans appear as legitimate programs but can damage valuable files, disrupt performance, and allow unauthorized access to your computer.

Help...

Re: Possible Win32 infection/Personal Antivirus combo??
Update for you... after all this, I checked my AOL spyware and thought I had blocked ComboFix, so I unblocked the last threat (thinking it was ComboFix).
That's when I went to re-install it and it came back with the warning. I couldn't find it in the AOL box to block again, so I ran another scan and it found something called Bifrost, and in the description it said something about a back door. It also found 189 tracking cookies... blocked and deleted everything, of course. But my task manager is still showing all these processes.

Also, my computer seems to be starting up in safe mode always after the ComboFix run... is it going to stay that way???

Am I doing something wrong??? I think this thing is getting into everything I install to get rid of it... it's smarter than all these cures....

Thanks for your help once again... I'm losing my faith. These crooks are everywhere now... all over my computer.

Re: Possible Win32 infection/Personal Antivirus combo??
Hello.
McAfee hates ComboFix, that's why it was detected in temp files. ComboFix is made up of lots and lots of little bits to make one big gun, that's why it's so powerful and effective.

Go to Start > Run. Type in "msconfig" and hit Enter.

DO NOT mess around with the following options without my instructions.

Now go to the BOOT.INI tab. Is "/SAFEBOOT" ticked? If so, untick it.


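The /SAFEBOOT check above can also be done against the file itself, which is what msconfig's BOOT.INI tab edits. The following is an added example, not part of the thread: it parses a boot.ini, finds the default entry and reports whether it carries a /safeboot switch. The first sample is the boot.ini that ComboFix printed at the end of the log above; the second is constructed to show the same file after msconfig's /SAFEBOOT box has been ticked. The menu the user later sees on the black screen is this file's second entry, the Recovery Console that ComboFix installed, shown for the timeout=2 seconds before Windows XP loads.

```python
"""Check a Windows XP boot.ini for the /safeboot switch that msconfig adds.

Added example, not code from the thread. The first sample is the boot.ini
shown in the ComboFix log; the second is constructed.
"""
import re

# boot.ini as printed at the end of the ComboFix log above.
BOOT_INI_CLEAN = """[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS
[operating systems]
c:\\cmdcons\\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /PAE
"""

# Constructed: the same file after msconfig's /SAFEBOOT (minimal) box is ticked.
BOOT_INI_SAFEBOOT = BOOT_INI_CLEAN.replace('/fastdetect /PAE',
                                           '/fastdetect /PAE /safeboot:minimal')

ENTRY_RE = re.compile(r'^(.+?)="([^"]*)"\s*(.*)$')  # arcpath="name" switches...


def parse_boot_ini(text):
    """Return (default_arc_path, [{'arc', 'name', 'switches'}, ...])."""
    section = None
    default = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section == 'boot loader':
            key, _, value = line.partition('=')
            if key.strip().lower() == 'default':
                default = value.strip()
        elif section == 'operating systems':
            m = ENTRY_RE.match(line)
            if m:
                entries.append({'arc': m.group(1), 'name': m.group(2),
                                'switches': m.group(3).split()})
    return default, entries


def safeboot_switch(text):
    """Return the /safeboot switch on the default entry (e.g. '/safeboot:minimal'),
    or None when the default entry boots normally."""
    default, entries = parse_boot_ini(text)
    for entry in entries:
        if entry['arc'].lower() == (default or '').lower():
            for switch in entry['switches']:
                if switch.lower().startswith('/safeboot'):
                    return switch.lower()
    return None


if __name__ == '__main__':
    for label, ini in (('as logged', BOOT_INI_CLEAN), ('constructed', BOOT_INI_SAFEBOOT)):
        default, entries = parse_boot_ini(ini)
        print(f'{label}: default={default}')
        for e in entries:
            print(f"  {e['name']}: {' '.join(e['switches'])}")
        print('  safe boot forced:', safeboot_switch(ini))
```

Only the default entry matters for the question "does it always start in safe mode"; a /safeboot on a non-default entry would only be used if that entry were picked from the menu.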
Re: Possible Win32 infection/Personal Antivirus combo??
Sorry I was MIA for a sec... lol, work stuff.

It wasn't checked, so I just exited out of there. I noticed today that it's going to the black screen when I restart, but it's not safe mode anymore, it's just the black screen. The recovery box thing that ComboFix installed is showing up above Windows XP on the black screen every time I turn the comp on.

I have to tell you that the AOL spyware program did something, because after it deleted that back door thing I told you about, it seems to have been running much, much faster. What I wonder is, are all those active processes in the task bar (68 of them right now!!!) normal??

Thank you for your help again!!!

Re: Possible Win32 infection/Personal Antivirus combo??

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both reports to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt just yet.
